class RuboCop::Cop::GitlabSecurity::SystemCommandInjection
Check for use of system("/bin/ls #{params}")
Passing user input to system() without sanitization and parameterization can result in command injection.
@example
    # bad
    system("/bin/ls #{filename}")

    # good (parameters)
    system("/bin/ls", filename)

    # even better
    exec("/bin/ls", shell_escape(filename))
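The three forms above, run against a constructed malicious filename so the difference is visible. This is an added example and not code from gitlab-styles: it uses Ruby's standard-library Open3 and Shellwords, substitutes echo for /bin/ls so the result shows up in captured output, and assumes the docstring's shell_escape helper quotes the way Shellwords.escape does.

```ruby
# Added example (not part of the gitlab-styles cop): runs the same untrusted
# "filename" through the three call shapes from the cop's docstring.
require "open3"
require "shellwords"

# Constructed attacker-controlled input: a filename that smuggles a second command.
MALICIOUS_NAME = "report.txt; echo INJECTED"

# The pattern the cop flags: untrusted input interpolated into one command string.
# The string contains shell metacharacters, so Ruby hands it to /bin/sh, which
# splits on ';' and runs the attacker's second command.
def run_interpolated(name)
  out, _status = Open3.capture2e("echo #{name}")
  out
end

# The "good (parameters)" form: separate argv elements never touch a shell, so
# the metacharacters reach echo as literal bytes of a single argument.
def run_parameterized(name)
  out, _status = Open3.capture2e("echo", name)
  out
end

# If a single command string is unavoidable, escape the untrusted piece first.
# Shellwords.escape is the stdlib equivalent of the docstring's shell_escape
# (assumption: that helper performs the same quoting).
def run_escaped(name)
  out, _status = Open3.capture2e("echo #{Shellwords.escape(name)}")
  out
end

# True when the captured output proves the smuggled command actually executed.
def injected?(output)
  output.lines.map(&:chomp).include?("INJECTED")
end

if $PROGRAM_NAME == __FILE__
  [["interpolated", method(:run_interpolated)],
   ["parameterized", method(:run_parameterized)],
   ["escaped", method(:run_escaped)]].each do |label, runner|
    out = runner.call(MALICIOUS_NAME)
    puts "#{label}: #{out.inspect} injected=#{injected?(out)}"
  end
end
```

Only the interpolated form executes the smuggled command; the parameterized and escaped forms both print the whole string as one argument. The two defences are alternatives, not layers: once the command is already passed as separate argv elements, escaping the argument as well feeds the added backslashes to the program as literal characters, so a filename containing spaces or quotes would no longer match the file on disk.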
Constants
- MSG
Public Instance Methods
on_send(node)
    # File lib/rubocop/cop/gitlab-security/system_command_injection.rb, line 26
    def on_send(node)
      # Only calls to `system` are of interest.
      return unless node.command?(:system)
      # Flag the call when any argument is an interpolated string containing a
      # method call; `system_var?` is a node-pattern matcher defined in the cop
      # (not listed on this page).
      return unless node.arguments.any? { |e| system_var?(e) }

      add_offense(node, location: :selector)
    end